﻿<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%option explicit%>
<%
' Marker set before the include files are pulled in.
' NOTE(review): presumably the includes test RZ_IN to refuse direct requests - confirm in conn.inc.asp / admin_inc.
Dim RZ_IN : RZ_IN = 1
%>
<!--#include file="../conn.inc.asp" -->
<!--#include file="admin_inc/admin.function.asp" -->
<!--#include file="admin_inc/admin.sqlfunction.asp" -->

<!--#include file="admin_inc/md5.asp" -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>登陆验证</title>
</head>
<body>
<%
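' Login verification for the admin area.
' Flow: read the posted form, check the one-time image code, require all fields,
' look the account up with a parameterized query, then fill the session/cookies
' and redirect. Every rejection ends the response so nothing below it can run.
Dim name,password,checkcode,question,answer
' HTMLEncode is kept so the values compare equal to what is stored
' (presumably rows were saved in encoded form - confirm). It is output encoding,
' not SQL escaping, so the query below binds parameters instead of concatenating.
name=HTMLEncode(Request.Form("name"))
password=HTMLEncode(Request.Form("password"))
checkcode=HTMLEncode(Request.Form("checkcode"))
question=HTMLEncode(Request.Form("question"))
answer=HTMLEncode(Request.Form("answer"))

' --- Verification code ---
' Read the expected code once and clear it immediately: a code is valid for a
' single attempt, so it cannot be replayed across repeated login tries.
Dim expectedCode
expectedCode = Session("GetCode")
Session("GetCode") = Empty

If Not isNumber(Request.Form("checkcode")) Then
	historygoback("登录失败！验证码必须是数字，请正确填写！")
	' Fail closed even if historygoback only writes script and returns.
	Response.End
End If
' An unset session value compares equal to 0 in VBScript, so a missing code must
' be rejected explicitly. The length bound keeps CLng below from overflowing.
If IsEmpty(expectedCode) Or IsNull(expectedCode) Or Len(checkcode) = 0 Or Len(checkcode) > 9 Then
	historygoback("登录失败！验证码错误！")
	Response.End
End If
If CLng(checkcode) <> expectedCode Then
	historygoback("登录失败！验证码错误！")
	Response.End
End If

' --- Required fields ---
If (IsEmpty(name) Or name="") Then
	historygoback("登录失败！请填写用户名！")
	Response.End
End If
If (IsEmpty(password) Or password="") Then
	historygoback("登陆失败！请填写密码！")
	Response.End
End If
If (IsEmpty(question) Or question="") Then
	historygoback("登陆失败！请选择安全问题！")
	Response.End
End If
If (IsEmpty(answer) Or answer="") Then
	historygoback("登陆失败！请填写提示答案！")
	Response.End
End If

' --- Client address recorded with the login ---
' NOTE(review): X-Forwarded-For is supplied by the client unless a trusted proxy
' overwrites it, so the stored value is forgeable. Treat it as informational,
' never as an access-control input, and encode it wherever it is displayed.
Dim ip
ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If ip = "" Then
	ip = Request.ServerVariables("REMOTE_ADDR")
End If

' --- Account lookup (parameterized) ---
Dim rs,sql,randomstring,rsc,sqlc,cmd,passwordHash
' NOTE(review): unsalted MD5 is not adequate for password storage; moving to a
' salted, slow hash needs a data migration outside this page.
passwordHash = MD5(password)

Set cmd = Server.CreateObject("ADODB.Command")
' conn comes from conn.inc.asp; accept either an open connection object or a
' connection string, as Recordset.Open did before.
If IsObject(conn) Then
	Set cmd.ActiveConnection = conn
Else
	cmd.ActiveConnection = conn
End If
cmd.CommandType = 1 ' adCmdText
sql = "select * from [c_user] where name=? and password=? and question=? and answer=?"
cmd.CommandText = sql
' 202 = adVarWChar, 1 = adParamInput. Values are bound, never spliced into the SQL text.
cmd.Parameters.Append cmd.CreateParameter("p_name", 202, 1, Len(name), name)
cmd.Parameters.Append cmd.CreateParameter("p_password", 202, 1, Len(passwordHash), passwordHash)
cmd.Parameters.Append cmd.CreateParameter("p_question", 202, 1, Len(question), question)
cmd.Parameters.Append cmd.CreateParameter("p_answer", 202, 1, Len(answer), answer)

Set rs = Server.CreateObject("ADODB.Recordset")
' Keyset cursor (1) with optimistic locking (3) so the row can be updated below.
' The connection argument is omitted because the Command already carries it.
rs.Open cmd, , 1, 3
If Not rs.eof And Not rs.bof Then
	' Session values hold the PREVIOUS login's ip/logintime, read before the update.
	session("user_name")=rs("name")
	session("user_level")=rs("level")
	session("user_ip")=rs("ip")
	session("user_logintime")=rs("logintime")
	' NOTE(review): these cookies are editable by the client and carry no
	' Secure/HttpOnly attributes; authorization must rely on the session values
	' (and a server-side check of randomstring), never on the user_level cookie.
	response.Cookies("user_name")=rs("name")
	response.Cookies("user_level")=rs("level")
	' Per-login token stored in session, database row and cookie.
	' NOTE(review): confirm gen_key draws from a cryptographically strong source.
	randomstring=gen_key(13)
	session("randomstring")=randomstring
	rs("randomstring")=randomstring
	response.Cookies("randomstring")=randomstring
	rs("ip")=ip
	rs("logintime")=Now()
	rs.update
	rs.close
	Set rs=Nothing
	Set cmd=Nothing

	' Load mail settings into the session. This has to happen before the
	' redirect: Response.Redirect ends the script, so anything after it never runs.
	Set rsc=Server.CreateObject("ADODB.Recordset")
	sqlc="select * from [c_website]"
	rsc.open sqlc,conn,1,1
	If Not rsc.eof And Not rsc.bof Then
		session("email_smtp")=rsc("email_smtp")
		session("email_myemail")=rsc("email_myemail")
		session("email_myname")=rsc("email_myname")
	End If
	rsc.close
	Set rsc=Nothing

	response.redirect("admin.asp")
Else
	' Same generic failure page for every wrong credential combination.
	rs.close
	Set rs=Nothing
	Set cmd=Nothing
	response.redirect("showmsg.asp?from=login.asp&msg=LoginFail")
End If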
%>
</body>
</html>